X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWebResponse.php;h=ab7524c22e1933a8889ab66f5c516e4c03fcf264;hb=88c1d93cb07670b971e16a6923e5c86144151fad;hp=d1f645cbcb17b0608ec6cd59ad578fb86535fab1;hpb=ef30e0b49d7743174f6fcc38b4d208d3c751ef48;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/WebResponse.php b/includes/WebResponse.php index d1f645cbcb..ab7524c22e 100644 --- a/includes/WebResponse.php +++ b/includes/WebResponse.php @@ -42,56 +42,81 @@ class WebResponse { * Set the browser cookie * @param string $name name of cookie * @param string $value value to give cookie - * @param int $expire Unix timestamp (in seconds) when the cookie should expire. + * @param int|null $expire Unix timestamp (in seconds) when the cookie should expire. * 0 (the default) causes it to expire $wgCookieExpiration seconds from now. - * @param string $prefix Prefix to use, if not $wgCookiePrefix (use '' for no prefix) - * @param string $domain Cookie domain to use, if not $wgCookieDomain - * @param $forceSecure Bool: - * true: force the cookie to be set with the secure attribute - * false: force the cookie to be set without the secure attribute - * null: use the value from $wgCookieSecure + * null causes it to be a session cookie. + * @param array $options Assoc of additional cookie options: + * prefix: string, name prefix ($wgCookiePrefix) + * domain: string, cookie domain ($wgCookieDomain) + * path: string, cookie path ($wgCookiePath) + * secure: bool, secure attribute ($wgCookieSecure) + * httpOnly: bool, httpOnly attribute ($wgCookieHttpOnly) + * raw: bool, if true uses PHP's setrawcookie() instead of setcookie() + * For backwards compatability, if $options is not an array then it and + * the following two parameters will be interpreted as values for + * 'prefix', 'domain', and 'secure' + * @since 1.22 Replaced $prefix, $domain, and $forceSecure with $options */ - public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) { + public function setcookie( $name, $value, $expire = 0, $options = null ) { global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain; global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly; - if ( $expire == 0 ) { - $expire = time() + $wgCookieExpiration; - } - if ( $prefix === null ) { - $prefix = $wgCookiePrefix; + + if ( !is_array( $options ) ) { + // Backwards compatability + $options = array( 'prefix' => $options ); + if ( func_num_args() >= 5 ) { + $options['domain'] = func_get_arg( 4 ); + } + if ( func_num_args() >= 6 ) { + $options['secure'] = func_get_arg( 5 ); + } } - if ( $domain === null ) { - $domain = $wgCookieDomain; + $options = array_filter( $options, function ( $a ) { + return $a !== null; + } ) + array( + 'prefix' => $wgCookiePrefix, + 'domain' => $wgCookieDomain, + 'path' => $wgCookiePath, + 'secure' => $wgCookieSecure, + 'httpOnly' => $wgCookieHttpOnly, + 'raw' => false, + ); + + if ( $expire === null ) { + $expire = 0; // Session cookie + } elseif ( $expire == 0 && $wgCookieExpiration != 0 ) { + $expire = time() + $wgCookieExpiration; } - if ( is_null( $forceSecure ) ) { - $secureCookie = $wgCookieSecure; - } else { - $secureCookie = $forceSecure; + // Don't mark the cookie as httpOnly if the requesting user-agent is + // known to have trouble with httpOnly cookies. + if ( !wfHttpOnlySafe() ) { + $options['httpOnly'] = false; } - // Mark the cookie as httpOnly if $wgCookieHttpOnly is true, - // unless the requesting user-agent is known to have trouble with - // httpOnly cookies. - $httpOnlySafe = $wgCookieHttpOnly && wfHttpOnlySafe(); - - wfDebugLog( 'cookie', - 'setcookie: "' . implode( '", "', - array( - $prefix . $name, - $value, - $expire, - $wgCookiePath, - $domain, - $secureCookie, - $httpOnlySafe ) ) . '"' ); - setcookie( $prefix . $name, - $value, - $expire, - $wgCookiePath, - $domain, - $secureCookie, - $httpOnlySafe ); + $func = $options['raw'] ? 'setrawcookie' : 'setcookie'; + + if ( wfRunHooks( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) { + wfDebugLog( 'cookie', + $func . ': "' . implode( '", "', + array( + $options['prefix'] . $name, + $value, + $expire, + $options['path'], + $options['domain'], + $options['secure'], + $options['httpOnly'] ) ) . '"' ); + + call_user_func( $func, + $options['prefix'] . $name, + $value, + $expire, + $options['path'], + $options['domain'], + $options['secure'], + $options['httpOnly'] ); + } } } @@ -116,6 +141,8 @@ class FauxResponse extends WebResponse { } else { list( $key, $val ) = array_map( 'trim', explode( ":", $string, 2 ) ); + $key = strtoupper( $key ); + if ( $replace || !isset( $this->headers[$key] ) ) { $this->headers[$key] = $val; } @@ -127,10 +154,12 @@ class FauxResponse extends WebResponse { } /** - * @param $key string + * @param string $key The name of the header to get (case insensitive). * @return string */ public function getheader( $key ) { + $key = strtoupper( $key ); + if ( isset( $this->headers[$key] ) ) { return $this->headers[$key]; } @@ -152,11 +181,9 @@ class FauxResponse extends WebResponse { * @param string $name name of cookie * @param string $value value to give cookie * @param int $expire number of seconds til cookie expires (Default: 0) - * @param $prefix TODO DOCUMENT (Default: null) - * @param $domain TODO DOCUMENT (Default: null) - * @param $forceSecure TODO DOCUMENT (Default: null) + * @param array $options ignored */ - public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) { + public function setcookie( $name, $value, $expire = 0, $options = null ) { $this->cookies[$name] = $value; }